diff --git a/vault/token_store.go b/vault/token_store.go index 9ee38135be51..28794e2adda5 100644 --- a/vault/token_store.go +++ b/vault/token_store.go @@ -2117,7 +2117,7 @@ func (ts *TokenStore) handleCreateCommon(ctx context.Context, req *logical.Reque NumUses int `mapstructure:"num_uses"` Period string Type string `mapstructure:"type"` - EntityAlias string + EntityAlias string `mapstructure:"entity_alias"` } if err := mapstructure.WeakDecode(req.Data, &data); err != nil { return logical.ErrorResponse(fmt.Sprintf( @@ -2223,13 +2223,13 @@ func (ts *TokenStore) handleCreateCommon(ctx context.Context, req *logical.Reque } // Get mount accessor which is required to lookup entity alias - mountValidationResp := ts.core.router.validateMountByAccessor("auth_token_") + mountValidationResp := ts.core.router.MatchingMountByAccessor(req.MountAccessor) if mountValidationResp == nil { return logical.ErrorResponse("auth token mount accessor not found"), nil } // Verify that the alias exist - aliasByFactors, err := ts.core.identityStore.MemDBAliasByFactors(mountValidationResp.MountAccessor, data.EntityAlias, false, false) + aliasByFactors, err := ts.core.identityStore.MemDBAliasByFactors(mountValidationResp.Accessor, data.EntityAlias, false, false) if err != nil { return logical.ErrorResponse(err.Error()), nil } @@ -2239,8 +2239,8 @@ func (ts *TokenStore) handleCreateCommon(ctx context.Context, req *logical.Reque // Entity alias does not exist. Create a new entity and entity alias newAlias := &logical.Alias{ Name: data.EntityAlias, - MountAccessor: mountValidationResp.MountAccessor, - MountType: mountValidationResp.MountType, + MountAccessor: mountValidationResp.Accessor, + MountType: mountValidationResp.Type, } newEntity, err := ts.core.identityStore.CreateOrFetchEntity(ctx, newAlias) diff --git a/vault/token_store_test.go b/vault/token_store_test.go index 5b63a1b66943..c8f0e0dad605 100644 --- a/vault/token_store_test.go +++ b/vault/token_store_test.go @@ -4,6 +4,7 @@ import ( "context" "encoding/json" "fmt" + "github.com/mitchellh/mapstructure" "path" "reflect" "sort" @@ -19,9 +20,9 @@ import ( "github.com/hashicorp/errwrap" "github.com/hashicorp/go-hclog" "github.com/hashicorp/go-uuid" + "github.com/hashicorp/vault/helper/identity" "github.com/hashicorp/vault/helper/locksutil" "github.com/hashicorp/vault/helper/namespace" - "github.com/hashicorp/vault/helper/identity" "github.com/hashicorp/vault/logical" ) @@ -2658,13 +2659,14 @@ func TestTokenStore_HandleRequest_CreateToken_ExistingEntityAlias(t *testing.T) // Create token role resp, err = core.HandleRequest(ctx, &logical.Request{ - Path: "auth/token/roles/" + testRoleName, - Operation: logical.CreateOperation, + Path: "auth/token/roles/" + testRoleName, + ClientToken: root, + Operation: logical.CreateOperation, Data: map[string]interface{}{ - "orphan": true, - "period": "72h", - "path_suffix": "happenin", - "bound_cidrs": []string{"0.0.0.0/0"}, + "orphan": true, + "period": "72h", + "path_suffix": "happenin", + "bound_cidrs": []string{"0.0.0.0/0"}, "allowed_entity_aliases": []string{"test1", "test2", entityAliasName}, }, }) @@ -2673,11 +2675,10 @@ func TestTokenStore_HandleRequest_CreateToken_ExistingEntityAlias(t *testing.T) } resp, err = core.HandleRequest(ctx, &logical.Request{ - Path: "auth/token/create", + Path: "auth/token/create/" + testRoleName, Operation: logical.UpdateOperation, ClientToken: root, Data: map[string]interface{}{ - "role_name": testRoleName, "entity_alias": entityAliasName, }, }) @@ -2711,12 +2712,13 @@ func TestTokenStore_HandleRequest_CreateToken_NonExistingEntityAlias(t *testing. // Create token role resp, err := core.HandleRequest(ctx, &logical.Request{ - Path: "auth/token/roles/" + testRoleName, - Operation: logical.CreateOperation, + Path: "auth/token/roles/" + testRoleName, + ClientToken: root, + Operation: logical.CreateOperation, Data: map[string]interface{}{ - "period": "72h", - "path_suffix": "happenin", - "bound_cidrs": []string{"0.0.0.0/0"}, + "period": "72h", + "path_suffix": "happenin", + "bound_cidrs": []string{"0.0.0.0/0"}, "allowed_entity_aliases": []string{"test1", "test2"}, }, }) @@ -2726,11 +2728,10 @@ func TestTokenStore_HandleRequest_CreateToken_NonExistingEntityAlias(t *testing. // Create token with non existing entity alias resp, err = core.HandleRequest(ctx, &logical.Request{ - Path: "auth/token/create", + Path: "auth/token/create/" + testRoleName, Operation: logical.UpdateOperation, ClientToken: root, Data: map[string]interface{}{ - "role_name": testRoleName, "entity_alias": entityAliasName, }, }) @@ -2751,15 +2752,16 @@ func TestTokenStore_HandleRequest_CreateToken_NonExistingEntityAlias(t *testing. } // Get the attached alias information - aliases, ok := resp.Data["aliases"].([]identity.Alias) - if !ok { - t.Fatalf("failed to parse attached aliases. Resp: %#v", resp.Data) - } + aliases := resp.Data["aliases"].([]interface{}) if len(aliases) != 1 { - t.Fatalf("expected one attached alias but got %d", len(aliases)) + t.Fatalf("expected only one alias but got %d; Aliases: %#v", len(aliases), aliases) } - if aliases[0].Name != entityAliasName { - t.Fatalf("alias name should be '%s' but is '%s'", entityAliasName, aliases[0].Name) + alias := &identity.Alias{} + mapstructure.Decode(aliases[0], alias) + + // Validate + if alias.Name != entityAliasName { + t.Fatalf("alias name should be '%s' but is '%s'", entityAliasName, alias.Name) } } @@ -2786,7 +2788,7 @@ func TestTokenStore_HandleRequest_CreateToken_NotAllowedEntityAlias(t *testing.T entityID := resp.Data["id"].(string) // Find mount accessor - resp, err = core.systemBackend.HandleRequest(namespace.RootContext(nil), &logical.Request{ + resp, err = core.systemBackend.HandleRequest(ctx, &logical.Request{ Path: "auth", Operation: logical.ReadOperation, }) @@ -2808,10 +2810,11 @@ func TestTokenStore_HandleRequest_CreateToken_NotAllowedEntityAlias(t *testing.T // Create token role resp, err = core.HandleRequest(ctx, &logical.Request{ - Path: "auth/token/roles/" + testRoleName, - Operation: logical.CreateOperation, + Path: "auth/token/roles/" + testRoleName, + ClientToken: root, + Operation: logical.CreateOperation, Data: map[string]interface{}{ - "period": "72h", + "period": "72h", "allowed_entity_aliases": []string{"test1", "test2", "testentityaliasn"}, }, }) @@ -2820,7 +2823,7 @@ func TestTokenStore_HandleRequest_CreateToken_NotAllowedEntityAlias(t *testing.T } resp, _ = core.HandleRequest(ctx, &logical.Request{ - Path: "auth/token/create", + Path: "auth/token/create/" + testRoleName, Operation: logical.UpdateOperation, ClientToken: root, Data: map[string]interface{}{